On 08/06/2015 01:47 PM, Miroslav Grepl wrote:
On 07/31/2015 08:49 PM, Lennart Poettering wrote:
> On Thu, 30.07.15 19:57, Lennart Poettering (mzerqung(a)0pointer.de) wrote:
>
>> Heya!
>>
>> I'd like to ask everybody to test kdbus on Rawhide. Josh thankfully
>> added it to the Rawhide kernel packages, and our systemd RPMs come
>> with built-in support, too now. If you are running an up-to-date
>> Rawhide system adding "kdbus=1" to your kernel command line is hence
>> everything you need to run kdbus instead of dbus-daemon. (No
>> additional RPMs need to be installed.) If you do, things should just
>> work the same way as before, if we did everything right. By adding or
>> dropping "kdbus=1" to/from the command line you can enable kdbus or
>> revert back to dbus1 on each individual boot.
>
> Quick update:
>
> We have released a new version of systemd now with all bugs reported
> here fixed. It's also in Rawhide already, but it might not have hit
> all mirrors yet. To download it directly, please use:
>
>
http://koji.fedoraproject.org/koji/buildinfo?buildID=674692
>
> And please remember to turn selinux at least into permissive mode when
> using this, or even turn it off entirely while testing ("kdbus=1
> selinux=0" on the kernel command line).
As you probably know this is not only about a policy fix. We added a
support for /sys/fs/kdbus in the latest rawhide policy builds to avoid
unlabeled_t issues and we can better track all issues related to kdbusfs_t.
But there is no a good policy fix in this state. It requires LSM/SELinux
support
in kernel
and without this support it is a completely uncontrolled IPC
mechanism.
Also some mails about the kdbus development plans and timing would
be helpful.
Thanks.
Mirek
>
> Thanks a lot to everybody who already tested this!
>
> Please test the new version, any feedback much appreciated!
>
> Lennart
>
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.